1. Field of the Invention
This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2007-153807, filed on Jun. 11, 2007, the disclosure of which is incorporated herein in its entirety by reference.
The present invention relates to a secret communications network and, more particularly, to a method and device for managing cryptographic keys to be used between nodes.
2. Description of the Related Art
The Internet is an economic and social infrastructure over which various kinds of data are exchanged, and therefore it is an important issue to provide for preventive measures to protect the data flowing over the network beforehand from risks of eavesdropping. A secret communications system, in which data for communication is encrypted, can be cited as one of the preventive measures. There are two broad types of cryptographic methods: common key cryptography and public key cryptography.
The common key cryptography is a method using a common cryptographic key for encryption and decryption, as typified by AES (Advanced Encryption Standard). This method makes high-speed processing possible and therefore is used to encrypt data itself.
The public key cryptography, on the other hand, is a method using a one-way function, as typified by the RSA (Rivest, Shamir, Adleman) encryption algorithm. According to this method, encryption is performed by using a public key, and decryption is performed by using a private key. This method is used to distribute a cryptographic key for common key cryptography because it is not suitable for high-speed processing.
In secret communication that ensures secrecy by encrypting data, one of the important things to ensure secrecy is that encrypted data is not broken even if the encrypted data is intercepted by an eavesdropper. Accordingly, it is necessary not to keep using the same cryptographic key to encrypt data. This is because, if the same cryptographic key is continually used for encryption, the possibility is increased that the cryptographic key is estimated based on the increased amount of intercepted data.
Accordingly, it is required to update a cryptographic key shared between a sending side and a receiving side. When updating a key, it is absolutely necessary that the key to be updated should not be intercepted or broken. To this end, there are two broad types of methods: (1) a method by which a key is encrypted by means of public key encryption and then transmitted, and (2) a method by which a key is encrypted by using a master key, which is a common key preset for key update, and then transmitted (for example, see Japanese Patent Application Unexamined Publication Nos. 2002-344438 and 2002-300158). Security according to these methods depends on the fact that an enormous amount of calculation is required for cryptanalysis.
On the other hand, there have been proposed quantum key distribution (QKD) techniques. According to QKD, a cryptographic key is generated and shared between a sending side and a receiving side by the transmission of a single photon per bit, unlike ordinary optical communications (see Bennett, C. H., and Brassard, G., “QUANTUM CRYPTOGRAPHY: PUBLIC KEY DISTRIBUTION AND COIN TOSSING,” IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, Dec. 10-12, 1984, pp. 175-179, and Ribordy, G., Gauiter, J., Gisin, N., Guinnard, O., and Zbinden, H., “Automated ‘plug & play’ quantum key distribution,” Electronics Letters, 1998, Vol. 34, No. 22, pp. 2116-2117). This QKD technique ensures security not based on the amount of calculation as mentioned above but based on the quantum mechanics, and it has been proved that eavesdropping on a photon transmission part is impossible. Moreover, not only key generation and sharing between a single node and another single node, proposals have also been made to realize key generation and sharing between a single node and multiple nodes (hereinafter, referred to as 1:N key generation and sharing), or key generation and sharing between multiple nodes and multiple nodes (hereinafter, referred to as N:M key generation and sharing), by using an optical switching technique and a passive optical branching technique (see Townsend, P. D., “Quantum cryptography on multiuser optical fibre Networks,” Nature, Jan. 2, 1997, Vol. 385, pp. 47-49).
According to such a QKD technique, since information that is the source of a cryptographic key is transmitted by being superimposed on each of single photons, it is possible to continue generating a cryptographic key as long as photon transmission is performed. For example, it is possible to generate several tens kilobits of final key per second.
Furthermore, perfectly secure encrypted communication can be achieved by using a QKD-generated cryptographic key for a one-time pad (OTP) cipher, which has been proved to be unbreakable. When encrypted communication is performed by using OTP cipher, a cryptographic key is consumed as much as the quantity of data and is always discarded once it is used. For example, when a 1-Mbit file is OTP-encrypted and then transmitted and received, a 1-Mbit cryptographic key is consumed on each of the sending and receiving sides.
As described above, in a quantum cryptographic system in which cryptographic keys are generated and consumed in large quantities, it is indispensable to manage the cryptographic keys stored in storage media. In the QKD technique in particular, it is important to manage cryptographic keys among multiple nodes to realize the expansion to 1:N or N:M key generation and sharing by using optical switching technique and/or passive optical branching technique as proposed in Townsend, P. D. cited above.
However, conventional technologies place importance on cryptographic key generation, and cryptographic key management has hardly been performed with consideration given to the fact that a cryptographic key is also consumed. As described above, the amount of a stored cryptographic key at each node is increased as a key generation and sharing process is performed, while the stored encryption key is consumed and its amount is decreased every time encrypted communication is performed. In addition, generally, key generation rates at which cryptographic keys are generated through the key generation and sharing process are not uniform among nodes because the key generation rate depends also on the distance between nodes and the quality of communication. Therefore, the amount of stored key at each node is increased/decreased from moment to moment. The management of cryptographic keys becomes more complicated as the number of nodes increases.
Moreover, in a 1:n network having a center-remote structure like 1:n connections, since a cryptographic key is generated and shared between a center node and each of n remote nodes, the cryptographic keys are not shared among remote nodes. Accordingly, encrypted communication cannot be performed between remote nodes. In a N:M connection network, encrypted communication can be performed between two nodes which have performed key generation and sharing process. However, encrypted communication cannot be performed between nodes which have never performed key generation and sharing process because no cryptographic key is shared between these nodes.